CVE-2023-35835

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface.

Ссылки

https://www.solaxpower.com/downloads/
Not Applicable
https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
Not Applicable
https://yougottahackthat.com/blog/
Third Party Advisory
https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
Third Party Advisory
https://www.solaxpower.com/downloads/
Not Applicable
https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/
Not Applicable
https://yougottahackthat.com/blog/
Third Party Advisory
https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:solax:pocket_wifi_3_firmware:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.009.03_20230504 (включая)

cpe:2.3:h:solax:pocket_wifi_3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00198

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7wff-94vq-2q76